Closed timnolte closed 9 months ago
Not sure, there is no OLS change required for ModSecurity 3.0.10 update. You can try build.sh.
@litespeedtech has anyone actually tried to build OLS 1.7.17 in the last 2 weeks, since ModSecurity 3.0.10 came out? I am using build.sh to compile the source. Basically I changed nothing with my build setup and after running another build, 2 weeks ago, in order to ensure the underlying OS was updated with all security fixes, the build failed. As I dug into what changes had occurred I found that ModSecurity had a new release at the time the failure started happening.
Some further information, the build is dying at this point:
g++: error: /build/openlitespeed-1.7.17/src/modules/modsecurity-ls/ModSecurity/src/.libs/libmodsecurity.a: No such file or directory
Basically July 10th I ran a successful build. I kicked off a build on July 26th, without making any updates to the entire Docker image build process, and it started failing when building OLS.
OK, so I looked at the July 26th build again and actually before the ModSecurity related error I'm seeing this:
cp: cannot stat 'build/src/openlitespeed': No such file or directory
Right before that it was at the point of:
#13 2224.8 [ 8%] Linking CXX static library libedio.a
#13 2224.9 [ 8%] Built target edio
#13 2224.9 make: *** [Makefile:149: all] Error 2
This build failure on the 26th is here: https://github.com/ndigitals/ols-dockerfiles/actions/runs/5675619821/job/15464329713
The successful build on the 10th is here: https://github.com/ndigitals/ols-dockerfiles/actions/runs/5514901335/job/14930673116
OK, so looking through those 2 builds starting at the OLS build stage, and getting to the first visible signs of failures, it appears like some issue starting with building boringssl.
#13 1839.5 # command-line-arguments
#13 1839.5 util/embed_test_data.go:81:16: undefined: os.ReadFile
#13 1839.5 util/embed_test_data.go:132:16: undefined: os.ReadFile
#13 1839.5 note: module requires Go 1.19
#13 1839.6 make[2]: *** [CMakeFiles/crypto_test_data.dir/build.make:312: crypto_test_data.cc] Error 2
#13 1839.6 make[2]: *** Deleting file 'crypto_test_data.cc'
#13 1839.6 make[1]: *** [CMakeFiles/Makefile2:611: CMakeFiles/crypto_test_data.dir/all] Error 2
#13 1839.6 make[1]: *** Waiting for unfinished jobs....
There have been a lot of changes in BoringSSL over the past few weeks (https://boringssl.googlesource.com/boringssl/+log) so I'm curious how that library is being included in the project and these recent changes are what's breaking builds.
There are compiling errors for dependencies.
#13 2126.8 /usr/bin/ld: ../lib/.libs/libcurl.a(libcurl_la-sha256.o): in function `my_sha256_init':
#13 2126.8 sha256.c:(.text+0x10): undefined reference to `EVP_MD_CTX_create'
#13 2126.8 /usr/bin/ld: ../lib/.libs/libcurl.a(libcurl_la-sha256.o): in function `my_sha256_final':
#13 2126.8 sha256.c:(.text+0x8c): undefined reference to `EVP_MD_CTX_destroy'
#13 2126.8 /usr/bin/ld: ../lib/.libs/libcurl.a(libcurl_la-sha256.o): in function `Curl_sha256it':
#13 2126.8 sha256.c:(.text+0xac): undefined reference to `EVP_MD_CTX_create'
#13 2126.8 /usr/bin/ld: sha256.c:(.text+0xf8): undefined reference to `EVP_MD_CTX_destroy'
#13 2126.8 /usr/bin/ld: ../lib/.libs/libcurl.a(libcurl_la-openssl.o): in function `pubkey_show':
#13 2126.9 openssl.c:(.text+0x1b4): undefined reference to `BIO_get_mem_data'
#13 2126.9 /usr/bin/ld: openssl.c:(.text+0x1d4): undefined reference to `BIO_reset'
#13 2126.9 /usr/bin/ld: ../lib/.libs/libcurl.a(libcurl_la-openssl.o): in function `ossl_sha256sum':
#13 2216.2 checking for libcurl config script... no
#13 2216.2 configure: *** curl library not found.
#13 2216.2 configure: error: Curl was explicitly referenced but it was not found
#13 2216.3 make: *** No targets specified and no makefile found. Stop.
#13 2216.3 cp: cannot stat 'src/.libs/libmodsecurity.a': No such file or directory
To fix it, you need to update the third-party project to the latest.
@litespeedtech interesting as it seems the normal build.sh script that I've been running from the source download has been pulling the third party repo sources.
That being said I've tried to switch to using the latest 1.7.18 sources which also won't perform a successful build.
should have been addressed.
I ended up having no choice but to no longer build the releases from source and instead I'm now installing the arm64 binary packages of OLS. This did cause me to be unable to maintain older versions of the OLS image with patched PHP, which is not great, but I haven't received any reports of issues at this point.
Yeah, it is not an easy task to compile all those third-party libraries. Especially, boringSSL. :-)
Over the past week, I've been trying to compile version 1.8.0 of OLS on Ubuntu 20. Eventually, I discovered that the compilation issues were due to BoringSSL's requirement for a newer version of Go. The default Go version on Ubuntu 20 is only 1.13, while BoringSSL requires Go 1.17 or higher. Below are the steps I took to successfully install it:
First, I installed some dependencies for OLS.
sudo apt-get install build-essential libexpat1-dev libgeoip-dev libpcre3-dev zlib1g-dev libssl-dev libxml2-dev rcs libpng-dev
sudo apt-get install php php-common php-curl php-mysql php-opcache php-imap php-opcache
Next, I updated the Go source and installed the latest version of Go.
sudo add-apt-repository ppa:longsleep/golang-backports
sudo apt upgrade
sudo apt install golang-go
If you are in China, you will also need to change the Go proxy.
Add the following statements to the ~/.profile and /etc/profile files:
export GOPROXY="https://goproxy.io"
export GO111MODULE="on"
Then update the ~/.profile and /etc/profile files.
source ~/.profile
source /etc/profile
Finally, I ran ./build.sh and ./install.sh, which installed OLS successfully.
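A pre-flight check for the Go toolchain failure discussed in this thread, as an added example that is not part of any comment above and not code from the OLS project. The function names are hypothetical, the sample `go version` lines are constructed, and the 1.19 minimum is taken from the "module requires Go 1.19" note in the build log quoted earlier.

```shell
#!/bin/sh
# Added example: fail fast when the Go toolchain is older than the BoringSSL
# build needs, instead of finding out from a later libmodsecurity.a error.

# Extract MAJOR.MINOR from a `go version` line,
# e.g. "go version go1.13.8 linux/arm64" -> "1.13". Prints nothing if unparsable.
go_version_from_line() {
    printf '%s\n' "$1" |
        sed -n 's/^go version go\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Return 0 when version $1 >= version $2 (both MAJOR.MINOR).
# Fields are compared as integers: a string compare would rank 1.9 above 1.19.
version_ge() {
    have_major=${1%%.*}; have_minor=${1#*.}
    need_major=${2%%.*}; need_minor=${2#*.}
    [ "$have_major" -gt "$need_major" ] && return 0
    [ "$have_major" -lt "$need_major" ] && return 1
    [ "$have_minor" -ge "$need_minor" ]
}

# check_go LINE MINIMUM
# Prints "ok X.Y", "too-old X.Y" or "unparsable"; returns 0, 1 or 2.
check_go() {
    ver=$(go_version_from_line "$1")
    if [ -z "$ver" ]; then
        echo "unparsable"
        return 2
    fi
    if version_ge "$ver" "$2"; then
        echo "ok $ver"
    else
        echo "too-old $ver"
        return 1
    fi
}

# Constructed sample lines (not captured from a real host).
for line in "go version go1.13.8 linux/arm64" \
            "go version go1.21.0 linux/amd64"; do
    printf '%s -> ' "$line"
    check_go "$line" 1.19 || true
done

# In a real build script the gate would be:
#   check_go "$(go version)" 1.19 && ./build.sh
```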
So 2 weeks ago ModSecurity 3.0.10 was released. The OLS source code appears to be pulling the latest releases of ModSecurity as prior to 2 weeks ago it was pulling version 3.0.9 and the OLS builds ran fine. As it is now, I am no longer able to get OLS to build. This is for the arm64 Docker image. I've been stuck trying to find a viable solution to this. Knowing now that ModSecurity 3.0.10 vs 3.0.9 is the problem I'll continue to dig in to try and find a fix. If anyone has any suggestions it would be greatly appreciated. Currently I'm unable to keep the PHP versions updated on the image.